* Posts by Povl H. Pedersen

32 posts • joined 23 Aug 2017

Microservices guru says think serverless, not Kubernetes: You don't want to manage 'a towering edifice of stuff'

Povl H. Pedersen

Cloud or not

Cloud has many advantages.

The biggest advantage is that it is not a headcount item, so you cannot downsize management of the servers. Servers do get patched. No FUD can delay that. Bad code will break, but you have to adapt. Inside company walls - own servers - you would be forced to roll back.

But it is expensive and comes with very little support. But it usually runs better than self-maintained.

I like cloud for many reasons, but there are also risks associated with it. You have to compare internal operations risks vs cloud operations + cloud risks.

Many companies outsource or go cloud because they cannot get qualified staff to run things on-site. DevOps (the new word for the classic sysadmin) people are a rarity.

Please stop hard-wiring AWS credentials in your code. Looking at you, uni COVID-19 track-and-test app makers

Povl H. Pedersen

Passwords?

No good app will have passwords.

It will at best have API keys that are hardwired, and likely changed for each release so they can be used to track releases in use.

The good thing with API keys is that they are applied before user validation, and before users get their access token, giving them access to only their own data.

And you can block API keys, so basically killing 1 version of the software only. Or throttle them. Or other interesting things.

Anything looking like a university should be aware, and do things the right way.

You there. Person, corp, state. Doesn't matter. You better not shoot down or hack a drone. That's our job – US govt

This post has been deleted by a moderator

My life as a criminal cookie clearer: Register vulture writes Chrome extension, realizes it probably breaks US law

Povl H. Pedersen

EU law

EU law prevents them from setting the cookies in the first place without consent. So say no to tracking cookies instead. Or sue them if that does not work.

Better attack than defend

Stinker, emailer, trawler, spy: How an engineer stole top US chip designs, smuggled them to China to set up a rival fab

Povl H. Pedersen

Security Clearance

I think in many places, there is a security clearance needed. Maybe the companies who lost the data here were not defence contractors, and thus were not required to get a security clearance.

Maybe the FBI / NSA gave them a security clearance.

Remember when we warned in February Apple will crack down on long-life HTTPS certs? It's happening: Chrome, Firefox ready to join in, too

Povl H. Pedersen

Everybody follows the minority player

Again, everybody follows the small marketshare player Apple.

They sell less than 15% of all smartphones, yet are considered a monopoly. I guess they redefined what monopoly means :-)

Now, when will we get warnings in Windows about clipboard snooping? Something Apple will warn about in the next-gen OS X and iOS.

C is for 'Careful now', D is for 'Download surprise': Microsoft to resurrect optional Windows 10 updates as 'Previews'

Povl H. Pedersen

ADRM

Oh, I thought AD RM was ReMove Active Directory?

Maybe Microsoft did too, and wanted to remove the threat.

If you're despairing at staff sharing admin passwords, look on the bright side. That's CIA-grade security

Povl H. Pedersen

Re: Numpties, the lot of 'em.

They used Cyber because Super was already taken, and Cyber sounds a bit more middle eastern.

Splunk to junk masters and slaves once a committee figures out replacements

Povl H. Pedersen

Swedish situation

The US is trying to end up in a Swedish situation.

To not make a difference between people is pure socialism.

BlackLivesMatter are racists because they use skin color to promote their case. They should change their slogan to "All LivesMatter", and put action behind it, instead of meeting at virus spread meetings.

Smart fridges are cool, but after a few short years you could be stuck with a big frosty brick in the kitchen

Povl H. Pedersen

There is a reason why there are many of us who try to un-cloudify our products.

My Xiaomi is cloudless thanks to Valetudo.

All Zigbee devices are controlled through zigbee2mqtt.

All WiFi switches run Tasmota if they do not natively support MQTT.

My Visonic alarm system is networkable thanks to a $4 serial to Ethernet module and not the $250 cloud bridge.

And everything is controlled by Home Assistant.

Latvian drone wrests control from human overlords and shuts down entire nation's skies

Povl H. Pedersen

RTC

In case comms are lost, it likely has an emergency procedure. A few years ago, drones always entered into RTC mode (Return to China).

So look east, likely somewhere into Russia.

Still do not understand why loss of radio would cause loss of the drone. As I would see it, it would either return to the launch point, to a preprogrammed coordinate set (maybe (0,0) if not set), or continue its operation for 90 hours, but then they would know where it is. Assume it lost GPS; then it should have another fallback option. Say land, continue straight ahead as best it can using gyros, or maybe pop up to a safe altitude before doing so.

They need eyes in the skies and ground search radar.

As Brit cyber-spies drop 'whitelist' and 'blacklist', tech boss says: If you’re thinking about getting in touch saying this is political correctness gone mad, don’t bother

Povl H. Pedersen

Astronomy next

We all know that once you get in the vicinity of a BLACK hole, you do not escape before you are WHITE (supernova).

You're not fooling anyone on that vid-conference call: Walmart says shirt sales soaring, pants not pulled up

Povl H. Pedersen

Not new

See the Danish reporter here, Jesper Steinmetz. Full suit on top, reporting from the lawn in front of the White House.

As for trousers and footwear, see the image at the top of the article.

https://www.independent.co.uk/news/weird-news/danish-tv-reporter-is-all-business-up-top-all-party-down-below-9633505.html

Admins beware! Microsoft gives heads-up for 'disruptive' changes to authentication in Office 365 email service

Povl H. Pedersen

To get customers

This is to get customers for AzureAD.

The great secret here is that an app password completely bypasses any OAuth2 requirement, MFA, etc.

Whatever filtering you create, an app password just bypasses it - at least until Team Evil gets users to create one for them :-)

Even better than getting user consent in 3 clicks.

Quick, get the popcorn: Amazon Web Services says Microsoft's benchmarks for Azure are a load of stripe

Povl H. Pedersen

Enterprise users on O365 will know that Microsoft is about 1000% slower than anything they have used before :-)

But I guess we only get the leftover cycles from customers paying for those.

So you locked your backups away for years, huh? Allow me to introduce my colleagues, Brute, Force and Ignorance

Povl H. Pedersen

Macintosh

In the 80s, I worked as a student at the campus Apple center, and later at the big Apple center in town.

We had hard disk issues as well. The Sony 20MB used in the Macintosh SE/30 had lubrication that got thicker over time. So at some point, you could not let the computer stay without power over the weekend, or it would not boot Monday morning.

First troubleshooting was to try to turn the whole computer 180 degrees back and forth more or less around the center of the hard drive. If that did not work, open the computer, out with the disk, and then in one hand twist it back and forth almost like making a milkshake. Then try to boot again.

It is unbelievable how many customers continued with the defective disk instead of just buying a new one. But SCSI disks were expensive at that time. And if not powered off, they could run for decades.

Rockstar dev debate reopens: Hero programmers do exist, do all the work, do chat a lot – and do need love and attention from project leaders

Povl H. Pedersen

Rockstars

There are the ego type Rockstars, who get their own isolated parts of the system, as nobody wants to work with them. They are not really rockstars.

To me the Rockstar has a fanbase among the other developers; he is the one people come to and ask for advice, and use for sparring about new ideas. He is the one that will actually help the team as a whole, and communication is part of this. In a pure nerd group, comms is different than in a mixed skills group.

It's always DNS, especially when you're on holiday with nothing but a phone on GPRS

Povl H. Pedersen

Current workplace has servicedesk people on duty 24/7.

People with knowledge are not on call. BUT, if things go wrong, they will start calling managers, who then have to try to contact their employees. For now, there has always been someone who could help. And we are good at finding hacks to get things running until the right persons are available.

I have been guiding people over the phone from holidays in Italy. But I never bring a PC on holidays, so people cannot expect more than that. And if it is work, I will usually answer only when it is convenient. So I mostly get SMS messages telling me to read mail.

BTW: After the on-call fees were suspended, all systems started to run much better during the night. Now the people responsible did not want to get disturbed anymore.

Class-action sueball over refurbed iThings will ask Apple what 'as good as new' means

Povl H. Pedersen

Apple lost in Denmark

Apple lost a court case in Denmark some years back. They cannot repair with used parts, and cannot use refurbished phones for warranty replacement.

They will have to repair with new parts, or give you a replacement with only new parts aka new device.

Not all companies are happy about this. But when my Polar watch had issues, I got factory new electronics, in my scratched case. My running watch before that was a Garmin, where 3 refurbished replacements all had issues.

But in Denmark Apple supplies factory new replacement units.

For real this time, get your butt off Python 2: No updates, no nothing after 1 January 2020

Povl H. Pedersen

Java popular?

How can you call Java popular? Have you talked to a Java programmer recently?

You might say it is one of the 3 most widespread languages (like diseases can be spread). But popular is a complete misconception.

For all who do not know, in 9 out of 10 cases AI stands for A-lot-of-Indians. They are cheaper to train, use way less power, and generate results of the same quality as household AI available for decent money. It is real intelligence to substitute Indians for CPU.

World recoils in horror as smartphone maker accused of helping government snoops read encrypted texts, track device whereabouts

Povl H. Pedersen

Uganda

Uganda has authorities that spy on people. I worked there for some months 20 years ago, when a shared 64kbit wireless high latency connection was great.

After I got home, I was actually approached by somebody who wanted to recruit me to do hacking and spying on behalf of the politicians / secret police units.

I contacted my home intelligence service, and was told that I could take the contract if I wanted, as this was not targeting NATO or our citizens. I decided against it. So yeah, most governments outside Western Europe spy on their citizens.

J'accuse! Amazon's Rekognition reckons 1 in 5 Californian lawmakers are crims in ACLU test

Povl H. Pedersen

Re: Amazon's Rekognition system wrongly matched one in five Californian politicians with images

99%? That is just like the accuracy of policemen in the US.

99% of the bullets fired miss the target, and only 1% hits.

If the target is hit, he is by definition guilty of something that warranted his shooting. The US should start forbidding unjust force.

Drone fliers are either 'clueless, careless or criminal' says air traffic gros fromage

Povl H. Pedersen

Re: How high?

I live in Denmark, and the law is there to protect the general public from danger, and the new thing is privacy.

We have a 5km NFZ around airports, 8km around military airports - they tend to fly a bit lower with jets. We can fly up to 100m outside cities, planes can go down to 150m - so 50m separation if everybody pushes it to the limit. 2km distance to medic heliports (typical at hospitals). 150m away from buildings, parks/beaches near built-up areas, larger roads (defined as speed limit 70 km/h or more), railways, traffic accidents, nature preserves etc. 50m away from non-spectating people, ships etc.

For indoor shows, there must be sufficient protection of spectators.

Rules are simple, a license is £2.00. Drones must be marked with the owner's registration number, name and phone number. And you must have insurance.

Take my bits awaaaay: DARPA wants to develop AI fighter program to augment human pilots

Povl H. Pedersen

Predictable?

How can they even come up with an idea that evasive maneuvers should be predictable?

Anything predictable is the easiest to attack and kill. It should be completely unpredictable and crazy. It should be a surprise to any opponent or foreign AI (which usually means A-lot-of-Indians).

The algorithms should be the most secret in the world, so will usually be outsourced to a contractor with development offices in Ukraine, Russia, India or China.

Now here's a Galaxy far, far away: Samsung stalls Fold rollout after fold-able screens break in hands of reviewers

Povl H. Pedersen

Apple was first

Apple was first with the foldable telephone that broke the screen.

Look back at iPhone 6 and #bendgate.

Samesong is just soo late at copying Apple failures.

South Korea reckons mystery hackers cracked open advanced weapons servers

Povl H. Pedersen

North Korea is supported by China, so anything stolen by North Korea will likely end up in China as well.

Which? That smart home camera? The one with the vulns? Really?

Povl H. Pedersen

Re: It's all relative

There is likely one secure solution out there, in the cheaper price range.

It is called Raspberry Pi ZeroW + camera.

Closed source solutions are crap; I have them, but on an independent VLAN, and with no Internet access.

We need more open source cams. Most Chinese cams are running Linux anyway, so it would be trivial for the vendors to publish specs on the DSP and camera hardware, and thus let us create open firmware.

The first to do it would get lots of business, but likely would suffer from customers not upgrading their crap as fast.

Things that make you go hmmm: Do crypto key servers violate GDPR?

Povl H. Pedersen

How about blockchain

If somebody posts personal data about John Johnson on the blockchain, say for Bitcoin, how can John Johnson get it deleted? This is also not possible.

I heard rumors that somebody who dislikes Bitcoin at some point uploaded a child pornographic image to the blockchain, basically making the blockchain illegal material in most countries. Could have been a government actor.

Latest F-35 flight tests finish – and US stops accepting new jets

Povl H. Pedersen

Turkey

I still do not understand why all engines will have to be serviced in the country that is now Russia's best friend. That alone is a risk. But maybe they can deliver the worst job at the lowest price?

Don't have critical stuff done south of the Alps; it is just as bad as Americans having things done south of the border.

Must have been decided by Mr. Donald himself.

US spanks EU businesses in race to detect p0wned servers

Povl H. Pedersen

GDPR

GDPR gives you 4 days to contact authorities after you have VERIFIED that a breach has taken place. There is no penalty for being slow to detect, or reading about your breach in media.

GDPR is mostly an exercise in getting documentation and processes in place, and very little about necessary technical controls.

Cloudflare touts privacy-friendly 1.1.1.1 public DNS service. Hmm, let's take a closer look at that

Povl H. Pedersen

1.1.1.1 conflict

I have actually seen many captive portals on WiFi redirecting users to 1.1.1.1.

Not sure if this will be a problem, or if the 1.1.1.1 routing will work correctly after accepting the WiFi terms & conditions.

Apple iCloud Keychain easily slurped by cops, ElcomSoft claims

Povl H. Pedersen

Big problem

NOT. To get access to the keychain you need:

iCloud username and password

and a verified device with 2FA.

Then you can get access to the keychain.

The only thing you bypass is really the local device password of the device having keychain access. Is this a problem? Not really, but it means I will take my non-password protected iPad that the children use, and move it to a family account.

Biting the hand that feeds IT © 1998–2020